RFC 5077 ticket key derivation

Sam Hartman hartmans at mit.edu
Tue Mar 31 19:19:29 CEST 2015

 * Signs the administrator configured key, using the private key associated with the
 * SSL context, then hashes the signature to get a key of an appropriate length,
 * which is fed to the hmac and encryption contexts for the session ticket.

wait. What?
I'm not parsing what you're trying to do there, and it's triggering my
security spidy sense.
Why do you ever want to hash a signature to get an encryption key?


More information about the Freeradius-Devel mailing list